MrJeck Ransomware

The MrJeck Ransomware is a file-locking Trojan and a possible variant of the Amnesia Ransomware family. It uses encryption routines to lock files and, in text notes, recommends that victims e-mail the attacker for restoration help. Users should always keep backups of any irreplaceable files for restoration and use anti-malware programs as necessary to remove the MrJeck Ransomware and similar threats.

The Consequences of Unexpected Security Problems

File-locking Trojans may diversify how they generate profits, but they still lean heavily on blocking files for cash as their preferred opening gambit. Among hundreds of other Windows threats with similar payloads, the MrJeck Ransomware does little to stand out, but it accomplishes the same disruption of access to digital media. The Windows Trojan blocks files and conducts related attacks as part of collecting a still-unknown ransom.

Malware researchers tentatively point to attributes of the MrJeck Ransomware that suggest a relationship with either the Amnesia or the Scarab Ransomware family. However, the estimate requires more proof for confirmation. Some of the more noteworthy features of this Windows threat include:

  • Encrypting files such as documents, pictures, etc., so that they can't be opened
  • Changing files' names to random-character strings with bracketed e-mails for contacting the attacker
  • Creating text ransom notes claiming a 'security problem with your PC' and recommending contacting the e-mails for recovery assistance
  • Registry changes that impact Windows Update, proxy and Intranet settings adversely
  • Deleting the Restore Points (the Shadow Volume Copies)
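
The rename behaviour in the list above (random-character names carrying a bracketed e-mail) can be checked for in a file listing during triage. This is an added example, not code from the original page; the bracket position, character set, thresholds, `.dat` extension and sample paths are assumptions.

```python
import math
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Assumptions: the e-mail sits in square brackets; the random part has no spaces.
BRACKETED_EMAIL = re.compile(r"\[([\w.+-]+@[\w-]+(?:\.[\w-]+)+)\]")
RANDOM_CHARS = re.compile(r"[A-Za-z0-9+=_-]+")

def entropy(text):
    """Shannon entropy of a non-empty string, in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def contact_email(path, min_len=12, min_entropy=3.0):
    """Return the bracketed e-mail if the name fits the rename pattern, else None."""
    name = PureWindowsPath(path).name
    match = BRACKETED_EMAIL.search(name)
    if match is None:
        return None
    # Drop the bracketed e-mail and the last extension; the rest must look random.
    stem = PureWindowsPath(name[:match.start()] + name[match.end():]).stem
    if len(stem) < min_len or not RANDOM_CHARS.fullmatch(stem):
        return None
    return match.group(1) if entropy(stem) >= min_entropy else None

def suspicious_dirs(paths, min_hits=3, min_ratio=0.5):
    """Map each directory dominated by renamed files to (hits, total, e-mails)."""
    totals, hits, emails = Counter(), Counter(), defaultdict(set)
    for path in paths:
        folder = str(PureWindowsPath(path).parent)
        totals[folder] += 1
        if (email := contact_email(path)):
            hits[folder] += 1
            emails[folder].add(email)
    return {d: (hits[d], totals[d], sorted(emails[d])) for d in hits
            if hits[d] >= min_hits and hits[d] / totals[d] >= min_ratio}

# Constructed sample listing: names, extension and address are made up.
SAMPLE = [
    r"C:\Users\ann\Documents\q8ZrT1mXv0PbL4sKd2[contact@example.com].dat",
    r"C:\Users\ann\Documents\Hy7NcW3eQa9UjR5tBf[contact@example.com].dat",
    r"C:\Users\ann\Documents\Zk2LmP8xVd4GqS6wYn[contact@example.com].dat",
    r"C:\Users\ann\Documents\desktop.ini",
    r"C:\Users\ann\Projects\budget [bob@example.com].xlsx",
]

if __name__ == "__main__":
    print(suspicious_dirs(SAMPLE))
```

Directories that come back flagged are candidates for restoring from backup; the collected e-mail addresses help match the incident to a known family before trying any decryptor.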

Victims should withhold any ransom the attacker might demand until they have tested every available solution, such as recovering from backups and using compatible freeware decryptors.

Keeping Trojans' Sticky Fingers Off a PC's Files

Only Windows users are at risk from the MrJeck Ransomware, even if similar file-locker Trojans target other operating systems. Because the security of its encryption feature is unknown, malware experts recommend that users quarantine the MrJeck Ransomware with appropriate security solutions and provide samples to any interested, reputable security researchers. Unlocking files might be as simple as running a freely downloadable decryption tool, but it could also be impossible.

There's limited intelligence available on the MrJeck Ransomware's distribution, although its payload appears complete and out of the testing stage. Malware experts suggest using multiple precautions to prevent infections, such as refusing suspicious e-mail attachments, avoiding illegal downloads like torrents, updating software with applicable security patches, and turning off RDP, JavaScript and Word macros. Together, these defenses can block most drive-by-download exploits.

Users can also counter this Trojan at the installation stage. Almost all well-known anti-malware programs correctly detect and remove the MrJeck Ransomware, even though most detection labels are heuristic or generic.

Much about the MrJeck Ransomware's campaign remains unknown, but what it wants is more than evident. Anyone working on Windows without dependable backups is asking for Trojans to take their data hostage.

